338622 matches found
TencentOS Server 2: kernel (TSSA-2026:0314)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0314 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-bad-free (UTSA-2026-021400)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021400 advisory. GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
Linux Distros Unpatched Vulnerability : CVE-2026-8539
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a...
Linux Distros Unpatched Vulnerability : CVE-2026-8575
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbo...
Linux Distros Unpatched Vulnerability : CVE-2026-8532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2026-45698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45698 Note that Nessus relies on the presence of the package as reported by the vendor...
TencentOS Server 3: kernel (TSSA-2026:0316)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0316 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2026-8522
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromiu...
Linux Distros Unpatched Vulnerability : CVE-2026-46470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not...
GitLab 17.6 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-3073)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authorization Bypass Through User-Controlled Key in GitLab CVE-2026-3073 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021268 advisory. Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in...
Linux Distros Unpatched Vulnerability : CVE-2026-7210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash...
Amazon Linux 2 : python-lxml, --advisory ALAS2-2026-3297 (ALAS-2026-3297)
The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3297 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the...
MiracleLinux 8 : krb5-1.18.2-34.el8_10 (AXSA:2026-613:03)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-613:03 advisory. krb5: MIT Kerberos 5 krb5: Denial of Service via integer underflow and out-of-bounds read CVE-2026-40356 krb5: MIT Kerberos 5: Denial of Service via...
Linux Distros Unpatched Vulnerability : CVE-2026-8571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to...
Amazon Linux 2 : python-tornado, --advisory ALAS2-2026-3286 (ALAS-2026-3286)
The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3286 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to...
Unity Linux 20.1070a Security Update: git (UTSA-2026-021308)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021308 advisory. Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-bad-free (UTSA-2026-021393)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021393 advisory. GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
Security Updates for Microsoft Windows Admin Center (May 2026)
The Microsoft Windows Admin Center installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. CVE-2026-35438 - Improper access...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-117 (ALASKERNEL-5.10-2026-117)
The version of kernel installed on the remote host is prior to 5.10.253-251.1014. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-117 advisory. In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port...
Linux Distros Unpatched Vulnerability : CVE-2026-8528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer...
Fedora 42 : krb5 (2026-6c99aaa6d3)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c99aaa6d3 advisory. - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 Tenable has extracted the preceding description block directly from the Fedora...
Linux Distros Unpatched Vulnerability : CVE-2026-8517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI...
Linux Distros Unpatched Vulnerability : CVE-2026-44052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LD...
Linux Distros Unpatched Vulnerability : CVE-2026-42582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of...
Amazon Linux 2 : vim, --advisory ALAS2-2026-3292 (ALAS-2026-3292)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3292 advisory. Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is...
Linux Distros Unpatched Vulnerability : CVE-2026-44072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute...
Linux Distros Unpatched Vulnerability : CVE-2026-8509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...
GitLab 15.7 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-6883)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing Authorization in GitLab CVE-2026-6883 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenabl...
Linux Distros Unpatched Vulnerability : CVE-2026-8536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the...
Linux Distros Unpatched Vulnerability : CVE-2026-8496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript...
RHEL 9 : libpng (RHSA-2026:17603)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17603 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...
Linux Distros Unpatched Vulnerability : CVE-2026-8587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execut...
Linux Distros Unpatched Vulnerability : CVE-2026-6478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticat...
RockyLinux 8 : kernel (RLSA-2026:16195)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:16195 advisory. kernel: Dirty Frag is a new universal Local Privilege Escalation LPE vulnerability in the Linux kernel CVE-2026-43284 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2026-44240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline...
Google Chrome < 148.0.7778.167 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 148.0.7778.167. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop12 advisory. - Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.16...
Linux Distros Unpatched Vulnerability : CVE-2026-44307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory...
Linux Distros Unpatched Vulnerability : CVE-2026-41018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2026-021391)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021391 advisory. GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...
RHEL 9 : openexr update (Important) (RHSA-2026:17658)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17658 advisory. Please update Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus h...
Fedora 43 : nix (2026-5dfbb9ed69)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5dfbb9ed69 advisory. - update to 2.31.5: fixes high GHSA-vh5x-56v6-4368 and moderate GHSA-gr92-w2r5-qw5p -...
Linux Distros Unpatched Vulnerability : CVE-2026-45699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - security update CVE-2026-45699 Note that Nessus relies on the presence of the package as reported by the vendor...
RHEL 10 : libsoup3 (RHSA-2026:17482)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17482 advisory. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup,...
GitLab 11.10 < 18.9.7 / 18.10 < 18.10.6 / 18.11 < 18.11.3 (CVE-2026-6063)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Authorization Bypass Through User-Controlled Key in GitLab CVE-2026-6063 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Linux Distros Unpatched Vulnerability : CVE-2026-42946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the ngxhttpscgimodule and ngxhttpuwsgimodule modules that may result in excessive memory allocation or an over-read of data. When...
Linux Distros Unpatched Vulnerability : CVE-2026-44053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or...
Linux Distros Unpatched Vulnerability : CVE-2026-6959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symli...
Linux Distros Unpatched Vulnerability : CVE-2026-8541
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially...
Security Updates for Microsoft SQL Server (May 2026)
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. CVE-2026-40370 Note that Nessus has...